Monitoring Service principal sign-ins with AzureAD and Azure Sentinel

Here is a conversation between Jeffrey (Developer) and Marc (IT Admin) working for ECorp Ltd. Looks familiar? Take a look in your Azure Active directory, how many applications do you have there? In an ideal world you maintain an inventory of all these applications somewhere in your asset management database so that you know who is the owner of the Application and what it is used for and what API permissions are granted. As for Read More …

How to create your Defender ATP Admin Audit Log Dashboard

Hello everyone, In today’s blogpost I will walk you through the process of creating an admin audit log dashboard for Defender Advanced Threat Protection. During my past customer engagements, I was often asked if there is a way to show device actions taken by Defender ATP admins. The answer is yes, this is possible. First the information is available through the Defender ATP API, second the information is also stored within the Windows event log Read More …

How to get started with Azure log Analytics

If you’re interested in getting your hands dirty with Azure Log Analytics, here’s a few resources and tips on how to get started. The Video’s If you’re looking for some imagination of what Azure Log Analytics is all about and what you can do with it, here’s a couple of videos I recommend watching. Azure Log Analytics (13 minutes) https://channel9.msdn.com/Shows/Azure-Friday/Azure-Log-Analytics?ocid=player What’s changed in Azure Log Analytics? (5 minutes) https://channel9.msdn.com/Blogs/Azure/Whats-changed-in-Azure-Log-Analytics The improved Azure Log Analytics: A Read More …

OMS Security and Audit Baseline Assessment

The Microsoft Operations and Management Suite, Security and Audit Solution includes a Baseline Assessment component. The Baseline configuration definition includes a set of Registry, audit policy and security policy settings rules that are recommended to configure to achieve a secure operating environment. Within the Console we get an overview of “Rules” that have failed, because the servers don’t have the recommended configuration applied. While looking at this, I wondered where I can find the complete Read More …

OMS Log Analytics HTTP Data Collector API – Work notes

I believe that the Microsoft Operations Management Suite is yet another example of how cool Cloud based solutions can be. Instead of first having to spin up an entire backend infrastructure before you can actually start collecting data, with the Microsoft Operations Management Suite you can directly start focusing on the task of collecting and visualizing your data. This blog post is basically a summary of my notes and scripts that I created while exploring Read More …